5 matches found
EUVD-2023-0489
Malicious code in bioql PyPI...
CVE-2023-22489 Flarum is missing authorization in discussion replies
Flarum is a discussion platform for websites. If the first post of a discussion is permanently deleted but the discussion stays visible, any actor who can view the discussion is able to create a new reply via the REST API, no matter the reply permission or lock status. This includes users that...
Any Flarum user including unactivated can reply in public discussions whose first post was permanently deleted
If the first post of a discussion is permanently deleted but the discussion stays visible, any actor who can view the discussion is able to create a new reply via the REST API, no matter the reply permission or lock status. This includes users that don't have a validated email. Guests cannot...
GHSA-HPH3-HV3C-7725 Any Flarum user including unactivated can reply in public discussions whose first post was permanently deleted
If the first post of a discussion is permanently deleted but the discussion stays visible, any actor who can view the discussion is able to create a new reply via the REST API, no matter the reply permission or lock status. This includes users that don't have a validated email. Guests cannot...
PT-2023-18540 · Flarum · Flarum
Name of the Vulnerable Software and Affected Versions: Flarum versions v1.3.0 through v1.6.3 Description: The issue occurs when the first post of a discussion is permanently deleted, but the discussion remains visible. This allows any actor who can view the discussion to create a new reply via th...